Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/l-with/ansible-role-nginx

ansible ansible-role nginx

Last synced: 28 days ago
JSON representation

Host: GitHub
URL: https://github.com/l-with/ansible-role-nginx
Owner: l-with
License: mit
Created: 2021-05-27T20:17:51.000Z (over 3 years ago)
Default Branch: main
Last Pushed: 2023-03-13T19:27:28.000Z (almost 2 years ago)
Last Synced: 2024-10-28T15:52:49.240Z (3 months ago)
Topics: ansible, ansible-role, nginx
Language: Jinja
Homepage:
Size: 51.8 KB
Stars: 2
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        # Ansible Role Nginx

Install Nginx with configuration using Let's Encrypt certificate

## Hard Coded Defaults

```conf

    ssl_ecdh_curve secp384r1;

    server_tokens off;

    ssl_prefer_server_ciphers on;

    add_header Strict-Transport-Security "max-age=31536000; preload" always;

```

## Usage

Without any parameter nginx is configured similar to a standard installation 

with Let's Encrypt installed.

Let's Encrypt is not installed, 

and the certificate is not generated by this module but assumed to be already installed.

## Role Variables

| group | variable | default | description |

| --- | --- | --- | --- |

| basic | `nginx_install` | `true` | if nginx should be installed and enabled |

| basic | `nginx_config` |  `true` | if the standard nginx configration should be done |

| basic | `nginx_restart` | `true` | if nginx should be restarted |

| basic | `nginx_configuration_home` | `/etc/nginx` | the configration home of nginx

| basic | `nginx_server_FQDN` | | the FQDN of the server for nginx_server_name and Let's Encrypt certificates |

| vouch | `nginx_vouch_FQDN` | | the FQDN of vouch-proxy |

| vouch | `nginx_vouch_port`: `9090` | the port of vouch-proxy |

| extra | `nginx_GNU` | `true` | if the [GNU Terry Pratchett](http://www.gnuterrypratchett.com) header should be inserted |

| configuration | `nginx_https_map` | | the map stanza configuration for nginx https configuration |

| configuration | `nginx_https_conf` | | the nginx https configuration after `server_name` |

| configuration | `nginx_confs` | `[]` | the extra configurations for nginx as list of dicts, the `loop_var` is `nginx_conf` |

```yaml

  - port: 8201

    server_name: www.example.com

    FQDN: www.example.com

    nginx_conf: |-

      location / {

        proxy_pass         http://localhost:9201/;

        proxy_http_version 1.1;

        proxy_read_timeout 900;

        proxy_set_header  Host              $host;

        proxy_set_header  X-Real-IP         $remote_addr;

        proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;

        proxy_set_header  X-Forwarded-Proto $scheme;

      }

```

| dict | element | description |

| --- | --- | --- |

| `nginx_conf` | `port` | the port for `listen` |

| `nginx_conf` | `server_name` | the server_name for `server_name` |

| `nginx_conf` | `FQDN` | the FQDN use for include Let's Encrypt certificates: `/etc/letsencrypt/live/{{ nginx_conf.FQDN }}/...` |

| `nginx_conf` | `nginx_conf` | the configuration to be included in the `sever` stanza |